You are on page 1of 53

MMS DIV A SEM 2 (2013-15)






1. 1.1 1.2 1.3 1.4 1.5 2. 2.1 2.2 2.3 2.4 3. 3.1 3.2 4. 5. 5.1 6. 7. 8. 9. 10. 11.

INTRODUCTION: Reasons for enactment of IT act Objectives of IT act Structure of IT act Terminologies with reference to IT act Need for amendment SOME IMPORTANT TERMS: Digital signature Electronic signature E-governance Certifying Authority CYBER CRIMES Introduction Types of cyber crimes IMPORTANT SECTIONS OF IT ACT ROLE OF IT IN BANKING E-banking NASSCOM CYBER CRIME STATISTICS IN INDIA CASE STUDIES COMPARISON OF IT ACT OF INDIA AND BRAZIL CONCLUSION BIBLIOGRAPHY

03 03 04 05 06 07 08 08 10 11 12 13 13 14 15 25 26 30 33 38 44 47 49



1. INTRODUCTION In the knowledge society of 21st century, computer, internet and ICT or e-revolution has changed the life style of the people. Today paper based communication has been substituted by e-communication, paper based commerce by e-commerce and paper based governance by e-governance. We have new terminologies like cyber world, netizens, e-transaction, ebanking, e-return and e-contracts. Apart from positive side of e-revolution there is seamy side also as computer; internet and ICT in the hands of criminals has become weapon of offence. Accordingly a new branch of jurisprudence emerged to tackle the problems of cyber crimes in cyber space i.e. Cyber Law or Cyber Space Law or Information Technology Law. For the first time, a Model Law on E-commerce was adopted in 1996 by United Nations Commission on International Trade and Law (UNCITRAL). It was further adopted by the General Assembly of the United Nations by passing a resolution on 31st January, 1997. Further, India was also a signatory to this Model Law and had to revise its national laws as per the said model law. Therefore, in May 2000, both the houses of the Indian Parliament passed the Information Technology Bill. The Bill received the assent of the President on the 9th June, 2000 and came to be known as the Information Technology Act, 2000. 1.1 Reasons for enactment of IT act: National: a. Increasing use of ICTs in conducting business transactions and entering into contracts, because it was easier, faster and cheaper to store, transact and communicate electronic information than the traditional paper documents. b. Business people were aware of these advantages but were reluctant to interact electronically because there was no legal protection under the existing laws. International reasons: a. International trade through electronic means was growing tremendously and many countries had switched over from traditional paper based commerce to e-commerce. b. The United Nations Commission on International Trade Law (UNCITRAL) had adopted a Model Law on Electronic Commerce in 1996, so as to bring uniformity in laws governing e-commerce across the globe.


c. India, being a signatory to UNCITRAL, had to revise its national laws as per the said model law. Therefore, India also enacted the IT Act, 2000. d. Because the World Trade Organization (WTO) was also likely to conduct its transactions only in electronic medium in future. 1.2 Objectives of IT Act: 1. To provide for the legal framework so that legal sanctity is accorded to all electronic records and other activities carried out by electronic means commonly referred to as "electronic commerce", which involves the use of alternatives to paper-based methods of communication and storage of information. 2. To provide legal recognition of electronic records and digital signatures. 3. To provide legal recognition to the transactions carried out by means of Electronic Data Interchange (EDI) and other means of electronic communication. 4. To provide legal recognition to business contacts and creation of rights and obligations through electronic media. 5. To establish a regulatory body to supervise the certifying authorities issuing digital signature certificates. 6. To create civil and criminal liabilities for contravention of the provisions of the Act and to prevent misuse of the e-business transactions. 7. To facilitate e-governance and to encourage the use and acceptance of electronic records and digital signatures in government offices and agencies. This would also make the citizen-government interaction more hassle free. 8. To make consequential amendments in the Indian Penal Code, 1860 and the Indian Evidence Act, 1872 to provide for necessary changes in the various provisions which deal with offences relating to documents and paper based transactions. 9. To amend the Reserve Bank of India Act, 1934 so as to facilitate electronic fund transfers between the financial institutions. 10. To amend the Bankers Books Evidence Act, 1891 so as to give legal sanctity for books of accounts maintained in the electronic form by the banks.



1.3 Structure of ITAA 2008 act: 1. I.T Act totally has 13 chapters and 90 sections. 2. The Act begins with preliminary and definitions and from there the chapters that follow deal with authentication of digital signatures, electronic records, electronic signatures etc. 3. The civil offence of data theft and the process of adjudication and appellate procedures have been described. 4. Elaborate procedures for certifying authorities (for digital certificates as per IT Act -2000 and since replaced by electronic signatures in the ITAA -2008) have been spelt out. 5. Then the Act describes some of the well-known cyber crimes and lays down the punishments thereof. 6. Then the concept of due diligence, role of intermediaries and some miscellaneous provisions have been described. 7. Rules and procedures mentioned in the Act have also been laid down in a phased manner, with the latest one on the definition of private and sensitive personal data and the role of intermediaries, due diligence etc, being defined as recently as April 2011.

1.4 Terminologies with reference to IT act: Computer: Computer means any electronic magnetic, optical or other high -speed data processing device or system which performs logical, arithmetic, and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software, or communication facilities which are connected or related to the computer in a computer system or computer network.

Computer System: "computer system" means a device or collection of devices, including input and output support devices and excluding calculators which are not programmable and capable of being used in conjunction with external files, which contain computer programmes, electronic instructions, input data and output data, that performs logic, arithmetic, data storage and retrieval, communication control and other functions;



Communication Devices: Similarly the word communication devices inserted in the ITAA2008 has been given an inclusive definition, taking into its coverage cell phones, personal digital assistance or such other devices used to transmit any text, video etc like what was later being marketed as i Pad or other similar devices on Wi-fi and cellular models.

Communication Network: The word Communication Network as defined in ITAA-2008 means the inter-connection of one or more computers or computer systems or communication device through (i) The use of satellite, microwave, terrestrial line, wire, wireless or other communication media; and (ii) Terminals or a complex consisting of two or more inter-connected computers or communication device whether or not the inter-connection is continuously maintained

Intermediary: Intermediary with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, webhosting service providers, search engines, online payment sites, online-auction sites, online-market places and cyber cafes

Information: Information includes data, text, images, sound, voice, codes, computer programmes, software and databases or micro film or computer generated micro fiche.

Data: Data means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalised manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printouts magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer.


1.5 Need for amendment: ITA, 2000 was an Act of extensive debates, elaborate reviews and detailed criticisms. Further, a rapid increase in the use of computer and Internet gave rise to new forms of crimes like, sending offensive emails and multimedia messages, child pornography, cyber terrorism, publishing sexually explicit materials in electronic form, breach of confidentiality and leakage of data by intermediary, e-commerce frauds like cheating by personation - commonly known as phishing, identity theft, frauds on online auction sites, etc. So, penal provisions were required to be included in the Information Technology Act, 2000. Also, the Act needed to be technology-neutral to provide for alternative technology of electronic signature for bringing harmonization with Model Law on Electronic Signatures adopted by United Nations Commission on International Trade Law (UNCITRAL) Thus the need for an amendment a detailed one was felt for the I.T. Act. Major industry bodies were consulted and advisory groups were formed to go into the perceived lacunae in the I.T. Act and comparing it with similar legislations in other nations and to suggest recommendations. Such recommendations were analyzed and subsequently taken up as a comprehensive Amendment Act and after considerable administrative procedures; the consolidated amendment called the Information Technology Amendment Act 2008 was placed in the Parliament and passed without much debate, towards the end of 2008. This Amendment Act got the President assent on 5 Feb 2009 and was made effective from 27 October 2009.




2.1 Digital signature: The Information Technology Act, 2000 validates "DIGITAL SIGNATURE" and provides for enabling a person to use it just like the traditional signature. Digital signature is a secure method of binding the identity of the signer with electronic record or message. The basic function of digital signature is to authenticate the document, to identify the person and to make the contents of the document binding on person putting digital signature. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit. It is a way to ensure that an electronic document (e-mail, spreadsheet, text file, etc.) is authentic. Authentic means you know who created the document and you know that it has not been altered in any way. Digital Signatures rely on certain types of encryption to ensure authentication. Encryption is the process of taking all the data that one computer is sending to another and encoding it into a form that only the other computer will be able to decode. Authentication is the process of verifying that information is coming from a trusted source. These two processes work in tandem for digital signatures. There are several ways to authenticate a person or information on a computer: 1. A Digital Signature authenticates electronic documents in a similar manner a handwritten signature authenticates printed documents. For example in the US, the budget, public and private laws that are printed by the Government printing Post have digital signatures which verifies that indeed they are prepared by the GPO. 2. This signature cannot be forged and it asserts that a named person wrote or otherwise agreed to the document to which the signature is attached. 3. Digital signature enables the authentication and non-repudiation of digital messages, assuring the recipient of a digital message of both the identity of the sender and the integrity of the message. Legal provisions relating to digital signature: The IT Act, 2000 contains following provisions relating to digital signature: a. Authentication of electronic records


Any subscriber may authenticate an electronic record by affixing his digital signature. b. Authentication by use of asymmetric crypto system and hash function The authentication of electronic record shall be effected by the use of asymmetric crypto system and hash function which envelop and transform the initial electronic record into another electronic record. c. Verification of electronic record Any person by the use of public key of the subscriber can verify the electronic record. The private key and the public key are unique to the subscriber and constitute a functioning key pair. For Example:



2.2 Electronic signature: Electronic signature is a wide term and it refers to various methods by which one can sign an electronic record. It may take many forms and could be created by different technologies. It can be as basic as a typed name or a digitized image of a handwritten signature. Consequently, e-signatures are very problematic with regards to maintaining integrity and security, as nothing prevents one individual from typing another individual's name. Due to this reality, an electronic signature that does not incorporate additional measures of security (the way digital signatures do, as described above) is considered an insecure way of signing documentation. The term "electronic signature" is defined under section 2(ta) of the IT Act 2000 ( as inserted by Information Technology Amendment Act 2008 (ITAA) as follows : "Electronic signature" means authentication of any electronic record by a subscriber by means of the electronic technique specified in the second schedule and includes digital signature". Major amendments of IT act include adoption of electronic signatures as a legally valid mode of executing signatures. This includes digital signatures as one of the modes of signatures and is far broader in ambit covering biometrics and other new forms of creating electronic signatures not confining the recognition to digital signature process alone. Thus, if you simply write your name and say "I sign" that will be sufficient to constitute electronic signature but obviously it is not at all safe or secure. The person can always say that some other person typed his name in the document without his consent or knowledge. Here, the digital signature plays an important role as the same is secure and the person cannot be allowed to deny that he did not sign unless he prove with clear evidence that it was put without his consent or knowledge.

10 | P a g e


2.3 E-Governance: Chapter 3 of the IT Act, 2000 (Sections 4-10A) deals with e-governance. E-governance is the application of ICTs to the processes of government functioning so as to have simple, accountable, speedy, responsive and transparent governance. The word electronic in the term e-Governance implies technology driven governance. E-Governance is the application of information and communication technology (ICT) for delivering government services, exchange of information communication transactions, integration of various stand-alone systems and services between Government-to-Citizens (G2C), Government-to-

Business(G2B),Government-to-Government(G2G) as well as back office processes and interactions within the entire government frame work. Through the e-Governance, the government services will be made available to the citizens in a convenient, efficient and transparent manner. The three main target groups that can be distinguished in governance concepts are Government, citizens and businesses/interest groups. In e-Governance there are no distinct boundaries. Generally four basic models are available-Government to Customer (Citizen), Government to employees, Government to Government and Government to Business. The act provides for legal recognitions of electronic records and digital signatures in Government and its agencies. The essence of E-governance is to reach the beneficiary and ensure that the services intended to reach the desired individual has been met with. The main objective of e-governance is to simplify and improve governance and enable peoples participation in governance through mail and internet. E-governance is not only providing information about the various activities of the government to its citizens and other organizations but it involves citizens to communicate with government and participate in government decision-making. E-governance is applied in following ways: a. Putting government laws and legislations online. b. Putting information relating to government plans, budgets, expenditures and performances online. c. Putting online key judicial decisions like environment decisions etc. which are important to citizens and create precedence for future actions. d. Making available contact addresses of local, regional, national and international officials online.
11 | P a g e



Making available the reports of enquiry committees or commissions online.

For example: Gramdoot (Rajasthan): This project was developed in Dabri Rampura (near Jaipur) and it provides various online facilities to the villagers, like Jamabandi (copies of land records), Shikayat online, Gramdak (rural e-mail account), Mandibhao (online rates), Gramhut (village bazaar), Vaivahiki (matrimonial service), Avedanpatra (application for driving license), bank loans and ration cards and Praman Patra (issuance of domicile for caste, income certificate) etc.

2.4 Certifying Authority: According to section 24 under Information Technology Act 2000 "Certifying Authority" means a person who has been granted a license to issue Digital Signature Certificates. A Certifying Authority is a trusted body whose central responsibility is to issue, renew and provide directories of Digital Certificates. In real meaning, the function of a Certifying Authority is equivalent to that of the passport issuing office in the Government. A passport is a citizen's secure document (a "paper identity"), issued by an appropriate authority, certifying that the citizen is who he or she claims to be. Similar to a passport, a user's certificate is issued and signed by a Certifying Authority and acts as a proof. Anyone trusting the Certifying Authority can also trust the user's certificate.

The IT Act 2000 gives details of who can act as a CA. Accordingly a prospective CA has to establish the required infrastructure, get it audited by the auditors appointed by the office of Controller of Certifying Authorities, and only based on complete compliance of the requirements, a license to operate as a Certifying Authority can be obtained. The license is issued by the Controller of Certifying Authority, Ministry of Information Technology, Government of India.

12 | P a g e


3.1 Introduction The evolution of Information Technology (IT) gave birth to the cyber space wherein internet provided equal opportunities to all the people to access any information, data storage, analyse etc. with the use of high technology. Due to increase in the number of cybercitizens, misuse of technology in the cyberspace was clutching up which gave birth to cybercrimes at the domestic and international level as well. Cyber Crime is not defined officially in IT Act or in any other legislation. Offence or crime has been dealt with elaborately listing various acts and the punishments for each, under the Indian Penal Code, 1860 and related legislations. Hence, the concept of cyber crime is just a combination of crime and computer. Cyber Crime is unlawful acts wherein the computer is either a tool or target or both. Cyber crime may be defined as a criminal offense on the Web, a criminal offense regarding the Internet, a violation of law on the Internet, an illegality committed with regard to the Internet, breach of law on the Internet, computer crime, contravention through the Web, corruption regarding Internet, criminal activity on the Internet, disrupting operations through malevolent programs on the Internet, stalking victims on the Internet, theft of identify on the Internet. Most cybercrime is an attack on information about individuals, corporations, or governments. Although the attacks do not take place on a physical body, they do take place on the personal or corporate virtual body, which is the set of informational attributes that define people and institutions on the Internet. Cybercrimes also includes criminal activities done with the use of computers which further perpetuates crimes i.e. financial crimes, sale of illegal articles, pornography, online gambling, intellectual property crime, e-mail spoofing, forgery, cyber defamation, cyber stalking, unauthorized access to Computer system, theft of information contained in the electronic form, e-mail bombing, physically damaging the computer system etc.

13 | P a g e


3.2 Types of cyber crimes: Amongst many different types of cyber crimes such as cracking, e-mail spoofing, carding, cyber defamation, cyber squatting etc. Two are explained here in detail.

1. Hacking: It is the act of gaining unauthorized access to a computer system or network and in some cases making unauthorized use of this access. Any person who trespasses any computer, computer system, computer network or any part thereof, knowingly, with malicious intentions to gain access or use or makes an attempt to access or use is said to have committed a crime
Malicious purpose may include: Money laundering, obtaining money, theft. Fraudulent pretences or representations Formulating and executing any fraudulent scheme

For example: Using the computer as a distribution point for spam, downloading files from the computer, stealing account info for various services, putting a virus on someones pc, smart phone etc. When a person X gains unauthorized access to the gmail account of Y and denies access to Y. In this case X is the hacker.

2. Phishing: Phishing is a form of social engineering, characterized by attempts to fraudulently acquire sensitive information, such as passwords and credit card details, by camouflaging as a trustworthy person or business in an apparently official electronic communication, such as an email or an instant message. For Example: Criminal sends a message via e-mail like Congratulations you have won $100,00,000 to a random persons e-mail address and thereby asks the receiver of the mail to fill in some personal details so that the money can be transferred to the receiver of the mail. The criminal also asks for some processing charges to be paid so that the amount can be transferred. Many a times the person to whom the mail has been sent pays the processing charges but does not receive the prize money mentioned in the mail.
14 | P a g e


4. IMPORTANT SECTIONS OF IT ACT SECTION 43. Penalty and Compensation for damage to computer, computer system, etc: If any person without permission of the owner or any other person who is in-charge of a computer, computer system or computer network accesses or secures access, downloads, copies or extracts any data, introduces or causes to be introduced any computer contaminant or computer virus, damages any other programmes, denies or causes the denial of access to any person authorized to access any computer, provides any assistance to any person to facilitate access to a computer, charges the services availed of by a person to the account of another person by tampering with or manipulating, destroys, deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, Steals, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code used for a computer resource with an intention to cause damage shall be liable to pay damages by way of compensation not exceeding 1 crore rupees to the person so affected. SECTION 43(A). Compensation for failure to protect data: Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation, not exceeding five crore rupees, to the person so affected. New Section 43-dealing with compensation for failure to protect data was introduced in the ITAA -2008. The corporate responsibility for data protection is greatly emphasized by inserting Section 43A whereby corporate are under an obligation to ensure adoption of reasonable security practices. Further what is sensitive personal data has since been clarified by the central government vide its Notification dated 11 April 2011 giving the list of all such data which includes password, details of bank accounts or card details, medical records etc. After this
15 | P a g e


notification, the IT industry in the nation including tech savvy and widely technology-based banking and other sectors became suddenly aware of the responsibility of data protection and a general awareness increased on what is data privacy and what is the role of top management and the Information Security Department in organizations in ensuring data protection, especially while handling the customers and other third party data. For example: Pune citibank Mphasis BPO Fraud: 2005 In December 2004, four call centre employees, working at an outsourcing facility operated by Mphasis in India, obtained PIN codes from four customers of Mphasis client, CitiGroup. These employees were not authorized to obtain the PINs. In association with others, the call centre employees opened new accounts at Indian banks using false identities. Within two months, they used the PINs and account information gleaned during their employment at Mphasis to transfer money from the bank accounts of CitiGroup customers to the new accounts at Indian banks. By April 2005, the Indian police had tipped off to the scam by a U.S. bank, and quickly identified the individuals involved in the scam. Arrests were made when those individuals attempted to withdraw cash from the falsified accounts, $426,000 was stolen; the amount recovered was $230,000. Verdict: Court held that Section 43(a) was applicable here due to the nature of unauthorized access involved to commit transactions. Many of the accused had been charged under section 67 of the IT act, 2000 and Indian penal code sections 420 (cheating), 465, 467 and 671 (forgery) besides other sections.

16 | P a g e


SECTION 65. Tampering with Computer Source Documents If a person knowingly or intentionally conceals, destroys or alters or causes another to conceal, destroy or alter any computer source code used for a computer, computer programme, computer system or computer network, when the computer source code is required to be kept or maintained by law for the time being in force, shall be punishable. Penalties: Imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both. For the purposes of this section, "Computer Source Code" means the listing of programmes, Computer Commands, Design and layout and programme analysis of computer resource in any form For example: Syed Asifuddin & others Vs. The State of Andhra Pradesh Reliance Infocomm launched a scheme under which a cell phone subscriber was given a digital handset worth Rs. 10,500/- as well as service bundle for 3 years with an initial payment of Rs. 3350/- and monthly outflow of Rs. 600/-. The condition was that the handset was technologically locked so that it would only work with the Reliance Infocomm services. If the customer wanted to leave Reliance services, he would have to pay some charges including the true price of the handset. Unidentified persons contacted Reliance customers with an offer to change to a lower priced Tata Indicom scheme. As part of the deal, their phone would be technologically "unlocked" so that the exclusive Reliance handsets could be used for the Tata Indicom service. The police then raided some offices of Tata Indicom in Andhra Pradesh and Tata Indicom employees were arrested for manipulation of the electronic 32-bit number (ESN) programmed into cell phones that were exclusively franchised to Reliance Infocomm. Held: Such tampering is an offence u/s 65 of IT Act as well as Copyright infringement u/s 63 of Copyrights Act.

17 | P a g e


SECTION 66. Computer Related Offences The section 66 of IT (Amendment) Act, 2008 deals with computer related offenses. As per section 43 of IT Act 2000, data theft was a simple civil offence. After the amendment of IT Act 2000 in 2008, Sec 43 is referred to in Sec 66. If any person, dishonestly, or fraudulently, does any act referred to in section 43, he shall be punishable. Penalties: Imprisonment up to 3 years and/or fine of five lakh rupees For example: Kumar vs. Press Information Bureau, Chennai In this case the accused gained unauthorized access to the Joint Academic Network (JANET) and deleted, added files and changed the passwords to deny access to the authorized users. Investigations had revealed that Kumar was logging on to the BSNL broadband Internet connection as if he was the authorized genuine user and made alteration in the computer database pertaining to broadband Internet user accounts of the subscribers. The CBI had registered a cyber crime case against Kumar and carried out investigations on the basis of a complaint by the Press Information Bureau, Chennai, which detected the unauthorized use of broadband Internet. The complaint also stated that the subscribers had incurred a loss of Rs 38,248 due to Kumars wrongful act. He used to hack sites from Bangalore, Chennai and other cities too. Verdict: The Additional Chief Metropolitan Magistrate, Egmore, Chennai, sentenced N G Arun Kumar, the techie from Bangalore to undergo a rigorous imprisonment for one year with a fine of Rs 5,000 under section 420 IPC (cheating) and Section 66 of IT Act (Computer related Offence).

18 | P a g e


SECTION66(A) Punishment for sending offensive messages through communication service This section deals with sending offensive messages through a computer resource or a communication device. This includes messages or information that is grossly menacing or offensive character or which is known to be false, but sent with a purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will. This also includes any electronic mail or electronic mail message for purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or the recipient. Penalties: Imprisonment up to 3 years and/or fine. For example: Bomb hoax mail In 2009, a 15-year-old Bangalore teenager was arrested by the cyber crime investigation cell (CCIC) of the city crime branch for allegedly sending a hoax e-mail to a private news channel. In the e-mail, he claimed to have planted five bombs in Mumbai, challenging the police to find them before it was too late. At around 1p.m. on May 25, the news channel received an e-mail that read: I have planted five bombs in Mumbai; you have two hours to find it. The police, who were alerted immediately, traced the Internet Protocol (IP) address to Vijay Nagar in Bangalore. The Internet service provider for the account was BSNL, said officials. New guidelines following Palghar case: No less than a police officer of a rank of DCP will be allowed to permit registration of a case under provisions of the Information Technology Act that deals with spreading hatred through electronic messages. In the case of metropolitan cities, such an approval would have to come at the level of Inspector General of Police. The concerned police officer or police station cannot register any complaints (under Section 66 (A)) unless he has obtained prior approval at the level of an officer not below the DCP rank in urban and rural areas and IG level in metros.

19 | P a g e


SECTION 66 (D): Punishment for cheating by personation by using computer resource Whoever, by means of any communication device or computer resource cheats by personating, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to one lakh rupees. For example: Samdeep Varghese v/s State of Kerala A complaint filed by the representative of a Company, which was engaged in the business of trading and distribution of petrochemicals in India and overseas, a crime was registered against nine persons, alleging offences under Sections 65, 66, 66A, C and D of the Information Technology Act along with Sections 419 and 420 of the Indian Penal Code. The company has a web-site in the name and style `' but, another web site `' was set up in the internet by first accused Samdeep Varghese @ Sam, (who was dismissed from the company) in conspiracy with other accused, including Preeti and Charanjeet Singh, who are the sister and brother-in-law of `Sam'. Defamatory and malicious matters about the company and its directors were made available in that website. The accused sister and brother-in-law were based in Cochin and they had been acting in collusion known and unknown persons, who have collectively cheated the company and committed acts of forgery, impersonation etc. Two of the accused, Amardeep Singh and Rahul had visited Delhi and Cochin. The first accused and others sent e-mails from fake e-mail accounts of many of the customers, suppliers, Bank etc. to malign the name and image of the Company and its Directors. The defamation campaign run by all the said persons named above has caused immense damage to the name and reputation of the Company. The Company suffered losses of several crores of Rupees from producers, suppliers and customers and were unable to do business.

20 | P a g e


SECTION 66 (E): Punishment for violation of privacy Whoever, intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her consent, under circumstances violating the privacy of that person, shall be punished with imprisonment which may extend to three years or with fine not exceeding two lakh rupees, or with both. For example: Nagpur Congress leaders son MMS scandal On January 05, 2012 Nagpur Police arrested two engineering students, one of them a son of a Congress leader, for harassing a 16-year-old girl by circulating an MMS clip of their sexual acts. According to the Nagpur (rural) police, the girl was in a relationship with Mithilesh Gajbhiye, 19, son of Yashodha Dhanraj Gajbhiye, a zila parishad member and an influential Congress leader of Saoner region in Nagpur district. Subsequently, the police registered offences against Mithilesh and Sushil (20) under publishing or transmitting obscene material in electronic form and raping the minor girl. SECTION 66 (F): Punishment for cyber terrorism Whoever (A) with intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in the people or any section of the people by (i) denying or cause the denial of access to any person authorized to access computer resource (ii) attempting to penetrate or access a computer resource without authorisation or exceeding authorized access (iii) introducing or causing to introduce any Computer Contaminant and by means of such conduct causes or is likely to cause death or injuries to persons or damage to or destruction of property or disrupts or knowing that it is likely to cause damage or disruption of supplies or services essential to the life of the community or adversely affect the critical information infrastructure specified under section 70, or
21 | P a g e


(B) knowingly or intentionally penetrates or accesses a computer resource without authorization or exceeding authorized access, and by means of such conduct obtains access to information, data or computer database that is restricted for reasons of the security of the State or foreign relations; or any restricted information, data or computer database, with reasons to believe that such information, data or computer database so obtained may be used to cause or likely to cause injury to the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality, or in relation to contempt of court, defamation or incitement to an offence, or to the advantage of any foreign nation, group of individuals or otherwise, commits the offence of cyber terrorism. Penalties: Whoever commits or conspires to commit cyber terrorism shall be punishable with imprisonment which may extend to imprisonment for life. For example: Parliament attack case: (Explained under case studies) SECTION 67 Punishment for publishing or transmitting obscene material in electronic form Any person who publishes or causes to publish or to be transmitted or transmits any obscene material in electronic form shall be liable for punishment under the section 67 of IT Act. The earlier Section in ITA was later widened as per ITAA 2008 in which child pornography and retention of records by intermediaries were all included. Penalties: Convicted for the first time - Imprisonment up to 3 years and/or fine of one lakh rupees Convicted again thereafter - Imprisonment up to 10 years and/or fine of ten lakh rupees

22 | P a g e


For example: case Avnish Bajaj vs. State (N.C.T.) of Delhi Avnish Bajaj CEO of is a customer-to-customer website, which facilitates the online sale of property. It receives commission from such sales and also generates revenue from advertisements carried on its web pages. An obscene MMS clipping was listed for sale on on 27th November, 2004 in the name of DPS Girl having fun. Some copies of the clipping were sold through and the seller received the money for the sale. Avnish Bajaj was arrested under section 67 of the Information Technology Act, 2000 and his bail application was rejected by the trial court. He then approached the Delhi High Court for bail. Arguments by the prosecution 1. The accused did not stop payment through banking channels after learning of the illegal nature of the transaction. 2. The item description DPS girl having fun should have raised an alarm. Arguments by the defendants 1. Section 67 of the Information Technology Act (IT act 2000) relates to publication of obscene material. It does not relate to transmission of such material. 2. On coming to learn of the illegal character of the sale, remedial steps were taken within 38 hours, since the intervening period was a weekend.

Findings of the court

1. It had not been established from the evidence that any publication took place by the accused, directly or indirectly. 2. The actual obscene recording/clip could not be viewed on the portal of 3. The sale consideration was not routed through the accused. 4. Prima facie had endeavored to plug the loophole. 5. The accused had actively participated in the investigations.
23 | P a g e


6. The evidence that has been collected indicates only that the obscene material may have been unwittingly offered for sale on the website. 7. The evidence that has been collected indicates that the heinous nature of the alleged crime may be attributable to some other person.

Decision of the court 1. The court granted bail to Mr. Bajaj subject to furnishing two sureties of Rs. 1 lakh each. 2. The court ordered Mr. Bajaj to surrender his passport and not to leave India without the permission of the Court. 3. The court also ordered Mr. Bajaj to participate and assist in the investigation. Loophole in IT act 2000: This incident caused a sudden panic across the country and many discussions regarding the inefficiency of the IT Act, 2000 and the need to amend it started. Section 67 of the Information Technology Act (IT act 2000) is related to publication of obscene material & not to transmission of such material. Thus, the earlier Section in ITA was later widened as per ITAA 2008 in which child pornography and retention of records by intermediaries were all included. Also, after this scandal, owing to debates around culpability, liability and prosecution of material on the internet, several key judgments were passed including banning the use of mobile phones in college and school campuses across India.

24 | P a g e


5. ROLE OF INFORMATION TECHNOLOGY (IT) IN THE BANKING SECTOR Banking environment has become highly competitive today. To be able to survive and grow in the changing market environment banks are going for the latest technologies. It is also viewed as an instrument of cost reduction and effective communication with people and institutions associated with the banking business. The Software Packages for Banking Applications in India had their beginnings in the middle of 80s, when the Banks started computerizing the branches in a limited manner. The early 90s saw the plummeting hardware prices and advent of cheap and inexpensive but high powered PCs and services and banks went in for what was called Total Branch Automation (TBA) packages. The middle and late 90s witnessed the tornado of financial reforms, deregulation globalization etc. coupled with rapid revolution in communication technologies and evolution of novel concept of convergence of communication technologies, like internet, mobile/cell phones etc. Technology has continuously played on important role in the working of banking institutions and the services provided by them like safekeeping of public money, transfer of money, issuing drafts, exploring investment opportunities and lending drafts, exploring investment being provided. Information Technology enables sophisticated product development, better market infrastructure, implementation of reliable techniques for control of risks and helps the financial intermediaries to reach geographically distant and diversified markets. Internet has significantly influenced delivery channels of the banks. Internet has emerged as an important medium for delivery of banking products and services. The customers can view the accounts; get account statements, transfer funds and purchase drafts by just punching on few keys. The smart cards i.e., cards with micro processor chip have added new dimension to the scenario. An introduction of Cyber Cash the exchange of cash takes place entirely through Cyber-books. Collection of Electricity bills and telephone bills has become easy. No doubt banking services have undergone drastic changes and so also the expectation of customers from the banks has increased greater.

25 | P a g e


IT is increasingly moving from a back office function to a prime assistant in increasing the value of a bank over time. IT does so by maximizing banks of pro-active measures such as strengthening and standardizing banks infrastructure in respect of security, communication and networking, achieving inter branch connectivity, moving towards Real Time gross settlement (RTGS) environment the forecasting of liquidity by building real time databases, use of Magnetic Ink Character Recognition and Imaging technology for cheque clearing to name a few. 5.1 E-Banking: E-banking made its debut in UK and USA 1920s. It becomes prominently popular during 1960, through electronic funds transfer and credit cards. The concept of web-based baking came into existence in Europe and USA in the beginning of 1980. In India e-banking is of recent origin. The traditional model for growth has been through branch banking. Only in the early 1990s has there been a start in the non-branch banking services. The new private sector banks and the foreign banks are handicapped by the lack of a strong branch network in comparison with the public sector banks. In the absence of such networks, the market place has been the emergence of a lot of innovative services by these players through direct distribution strategies of non-branch delivery. All these banks are using home banking as a key pull factor to remove customers away from the well entered public sector banks. Many banks have modernized their services with the facilities of computer and electronic equipments. The electronics revolution has made it possible to provide ease and flexibility in banking operations to the benefit of the customer. The e-banking has made the customer say good-bye to huge account registers and large paper bank accounts. The e-banks, which may call as easy bank offers the following services to its customers:

26 | P a g e


Automatic Teller Machine (ATM) An ATM is a computerized telecommunications device that provides a financial institutions customers a secure method of performing financial transactions in a public space without the need for a human clerk or bank teller. ATMs are linked to banks central computer and identify the customer through magnetic coding on the card provided to customer and Personal Identification Number (PIN), keyed in by the customer. It updates the account of the customer after the completion of the transaction. The transaction using ATM can range from simple transactions involving cash withdrawals and deposits to making hotel reservations etc.

Electronic Funds Transfer (EFT) To transfer funds instantly among various branches at various locations in the country; by connecting these branches through a network using the latest communication technology which includes satellite, leased lines, dial-up lines etc.

Electronic Clearing Service (ECS) In April 1995, the RBI introduced electronic clearing service between selected metro centres in the country under which transfer of funds from one centre to another could be done quickly. ECS is essentially a more effective method of handling bulk payment transactions and inward remittances, like pension, interest, dividend, salary or commission cheques. It adds 3 benefits to customers inwards remittances: Speed, Safety & Convenience. As a subscriber to ECS, customers bank account would be directly credited on every due date.

Credit Cards/Debit Cards These cards are used to store information related to customers account and can be used to perform many functions involving purchase of goods and services. These reduce cashhandling expenses and the risk involved in handling cash. Hence, enhance customer safety and convenience. Debit card is similar to credit card with some important exceptions. While the process is fast and easy, a debit card purchase transfers money to the stores account. So, its important that you have funds in your account to cover your purchase.

27 | P a g e


SMS Banking It is a technology-enabled service offering from banks to its customers, permitting them to operate selected banking services over their mobile phones using SMS messaging. SMS Banking services are operated using both Push and Pull Messages: Push messages are those that the bank chooses to send out to a customers mobile phone, without the customer initiating a request for the information, these are either Mobile Marketing messages or messages alerting an event which happens in the customers bank account, such as a large payment using the customers credit card, etc.

Pull messages are those that are initiated by the customer, using a mobile phone, for obtaining information or performing a transaction in the bank account. Pull messages include an account balance enquiry, or requests for current information like deposit interest rates, as published and updated by the bank.

Internet Banking Banks and financial services firms are now waking up to the tremendous potential of internet. Internet banking may be done through a banks website where bank also has a physical structure or user can choose a virtual bank or financial institution that has no public building and exists only online. Internet banking is usually conducted through a personal computer (PC) that connects to a banking web site via the Internet. Internet banking also can be conducted via wireless technology through both Personal Digital Assistants (PDAs) and Cellular Phones. Online Remittances Another example of how well IT has been aligned with banking, and is providing value to customers, is better online remittances from around the world. Beneficiaries in India are credited with remittance money within hours. Example: Real Time Gross Settlement (RGTS), National Electronic Fund Transfer (NEFT) etc.

28 | P a g e


Benefits of E-banking: To the Customer:

Anywhere Banking no matter wherever the customer is in the world. Balance enquiry, request for services, issuing instructions etc., from anywhere in the world is possible.

Anytime Banking Managing funds in real time and most importantly, 24 hours a day, 7days a week.

Convenience acts as a tremendous psychological benefit all the time. Brings down Cost of Banking to the customer over a period a period of time. Cash withdrawal from any branch / ATM On-line purchase of goods and services including online payment for the same.

To the Bank:

Innovative, scheme, addresses competition and present the bank as technology driven in the banking sector market

Reduces customer visits to the branch and thereby human intervention Inter-branch reconciliation is immediate thereby reducing chances of fraud and misappropriation

On-line banking is an effective medium of promotion of various schemes of the bank, a marketing tool indeed.

Integrated customer data paves way for individualized and customized services.

29 | P a g e


6. NASSCOM: The National Association of Software and Services Companies (NASSCOM) is a trade association of Indian Information Technology (IT) and Business Process Outsourcing (BPO) industry. Established in 1988, NASSCOM is a non-profit organization. Its objective is to build a growth led and sustainable technology and business services sector in the country. NASSCOM is a global trade body with over 1400 members, of which over 250 are companies from the US, UK, EU, Japan and China. NASSCOM's member companies are in the business of software development, software services, software products, IT-enabled/BPO services and e-commerce. These companies represent 95 percent of industry revenues and have enabled the association to spearhead initiatives and programs to build the sector in the country and globally. NASSCOM members are active participants in the new global economy and are admired for their innovative business practices, social initiatives and thrust on emerging opportunities. NASSCOM facilitates business and trade in software and services and encourages the advancement of research in software technology. It is registered under the Indian Societies Act, 1860. NASSCOM is headquartered in New Delhi, India with regional offices in the cities of Mumbai, Chennai, Hyderabad, Bangalore, Pune and Kolkata. VISION: To help the IT and IT enabled products and services industry in India to be a trustworthy, respected, innovative and society friendly industry in the world. It means to establish India as the 21st century's software powerhouse and position the country as the global sourcing hub for software and services. Members enjoy several benefits including information on changes in policies of the Government of India with regards to computer software and IT services.
30 | P a g e


MISSION: 1] Establish India as a hub for innovation and professional services 2] Deepen the IT-BPM industrys footprint in its core markets and beyond, by building strategic partnerships with its customers 3] Facilitate growth and maintain Indias leadership position as a trusted and safe place to do business 4] Be a conduit of change through leadership research, market intelligence and membership engagement 5] Work with government to shape policy in all key areas of activities such as skill development, trade and business services 6] Provide platforms for members and other stakeholders to interact and network 7] Expand the countrys pool of relevant and skilled talent and harness the benefits of ICT to drive inclusive and balanced growth 8] Transform Business, Transform India is the overall objective of NASSCOM and its member organisations NASSCOM initiatives include:

The Domestic Market Initiative, created to integrate the IT and non-IT sectors and to plan for continued IT industry growth.

The Innovation Initiative, created to foster and an environment that meets the specific needs of Indian businesses of all sizes.

The Education Initiative, created to provide additional training and skill enhancement to improve graduate employability. This initiative also interfaces between industry, academia and government.

The Women in Leadership-IT Initiative, created to increase the number of women entering the IT-BPO industry and enhance the career prospects for those women in the industry.

The Security Initiative, created to promote information security and compliance through public education and creation of a security-aware environment.

31 | P a g e


Key activities of NASSCOM 1. Policy Advocacy: NASSCOM has enabled a strong partnership with the Government at the centre and state to provide a conducive policy environment for the industry to grow in the country.

2. Industry Development: NASSCOM has a strong focus on industry research and tracking industry performance data, facts and statistics provided by NASSCOM are the standard across industry and government; Events and forums bring the members at a common platform; Domestic market development and E-governance have been identified as key focus areas to enable NASSCOM members to participate in enabling the technology in the country.

3. Membership Engagement: To share best practices, NASSCOM has enabled a number of special interest groups wherein members participate and strategize key industry issues. CEO Forums, Captive Forum, HR best practice sessions, leadership development, and infrastructure management are some examples.

4. Entrepreneurship: Promoting and nurturing small companies and start-ups is a key focus area for NASSCOM. This is enabled through the Emerge Forum that provides a blended model of online and offline sessions to promote mentorship, sales and marketing, partnership, funding etc.

5. Enabling Environment: NASSCOM in partnership with the industry has created specific programs and awards that encourage Innovation, Talent development, Security best practices and tier 2 city developments.

6. Global Trade Development: Enhancing Indias global partnership is another focus areas and NASSCOM is engaged across policy advocacy, new market development and MOUs with global associations.
32 | P a g e


7. CYBER CRIME STATISTICS IN INDIA UNDER IT ACT: 1. Number of Cyber Crimes recorded in India in last 5 years:

3500 3000 2500 2000 1500 1000 500 0 288 2008 420 2009 2010 2011 2012 2013 966 1791 965 2876

2. Offences registered under Indian Penal Code:

33 | P a g e


3. State wise count of the cyber-crime in 2013:

Chart Title
Maharashtra 919 693

Andhra Pradesh

883 493

Cases Filed Arrests made


716 195






Maharashtra led the country in the registration of cases that involved violation of the Information Technology act and other cyber crime laws in the last three years. It saw 919 cases filed and 693 persons arrested in the last three years. The high number of arrests in the state is attributed to greater awareness of people. Maharashtra was followed by Andhra Pradesh and Karnataka at 883 and 716 cyber cases filed, respectively. Andhra Pradesh made 493 arrests and Karnataka 195, far behind Maharashtra. Most of the cases involve tampering of computer service document [Section 65 of the IT Act], loss or damage to computer resource, hacking [Section 66-2 of the IT Act], failure to comply with orders passed by the competent authority under the IT legislation, suppression of facts for obtaining license for digital signature and forging digital signature [Section 74 of the IT Act) and breach of confidentiality [Section 72 of the IT Act].

34 | P a g e


Maharashtra was among the first in the country to take the lead in setting up a special cyber police station as well as an adjudicating officer under the IT act. Immediately after the law came into force, special training in cyber laws was imparted to members of the law enforcement agencies and, as a result, there was speedy investigation of cyber crimes. After appointing the adjudicating authority, who is a principal secretary in the information technology department, it was found that there was speedy disposal of cases filed under the IT Act. 4. Country wise distribution of cyber crimes 2013: The Top 10 Countries chart is lead by US which suffered nearly 1 attack on 2, well ahead of UK (5%) and India (3%).

35 | P a g e


5. Data Breach Statistics by Industry:

5% 10% Medical/Healthcare 11% 39% Business Education Government/ military Banking/Credit/Financial 35%


36 | P a g e


According to NCRB report: Incidence of Cyber Crimes (IT Act + IPC Sections) has increased by 57.1% in 2012 as compared to 2011 (from 2,213 in 2011 to 3,477 in 2012). Cyber Fraud accounted for 46.9% (282 out of 601) and Cyber Forgery accounted for 43.1% (259 out of total 601) were the main cases under IPC category for Cyber Crimes. 61.0% of the offenders under IT Act were in the age group 18-30 years (928 out of 1,522) and 45.2% of the offenders under IPC Sections were also in the age group 1830 years (248 out of 549).

37 | P a g e


1. Parliament attack case:

Background of the case Several terrorists had attacked the Parliament House on 13th December, 2001 intending to take as hostage or kill the Prime Minister, Central Ministers, Vice-President of India and Members of Parliament. Several terrorists were killed by the police in the encounter and several persons were arrested in connection with the attack. The Designated Judge of the Special Court constituted under Section 23 of the Prevention of Terrorist Activities Act, 2002 (POTA) had convicted several accused persons. They filed an appeal in the Delhi High Court challenging the legality and validity of the trial and the sustainability of the judgment. Digital evidence played an important role in this case.

Computerized cell phone call logs were heavily relied upon in this case. A laptop, several smart media storage disks and devices were recovered from a truck intercepted at Srinagar pursuant to information given by two of the suspects. These articles were deposited in the police malkhana on 16th December, 2001. The laptops were forensically examined by a private computer engineer and the Assistant Government Examiner of Questioned Documents, Bureau of Police Research, Hyderabad. The laptop contained files relating to identity cards and stickers that were used by the terrorists to enter the Parliament premises. Cyber forensic examination showed that the laptop was used for creating, editing and viewing image files (mostly identity cards).

Evidence found on the laptop included: 1. Fake identity cards, 2. Video files containing clippings of political leaders with Parliament in background shot from TV news channels, 3. Scanned images of front and rear of a genuine identity card, 4. Image file of design of Ministry of Home Affairs car sticker,
38 | P a g e


5. The game 'wolf pack' with the user name 'Ashiq'. Ashiq was the name in one of the fake identity cards used by the terrorists.

Mohammad Afzal Guru (1969 - 9 February 2013), a citizen of India, was convicted by Indian court for the December 2001 attack on the Indian Parliament, and sentenced to death by a special Prevention of Terrorism Act Court in 2002. The Delhi High Court confirmed the judgment in 2003 and his appeal was rejected by the Supreme Court of India in 2005.

The Supreme Court did not find any evidence as to his membership to any terrorist organization but stated that the circumstances clearly established that Guru was associated with the deceased terrorists in almost every act done by them in order to achieve the objective of attacking the Parliament and there was sufficient and satisfactory circumstantial evidence to establish that he was a partner in the conspiracy.

The sentence was scheduled to be carried out on 20 October 2006, but Guru was given a stay of execution after his wife filed a mercy petition which eventually was rejected. On 3 February 2013, his mercy petition was rejected by the President of India, Pranab Mukherjee. He was secretly hanged at Delhi's Tihar Jail around 08:00 am on 9 February 2013 and afterward buried inside jail grounds in Operation Three Star. His family was not informed prior to execution and his dead body was later denied to his family. His execution resulted in violent protests across the Kashmir region.

Conclusion of the court If someone challenges the accuracy of computer evidence on the ground of misuse of system or operating failure or interpolation, then the challenger has to establish the challenge. Mere theoretical and generic doubts cannot be cast on the evidence.

39 | P a g e


2. NMIMS Case:

Background of the case In a major education-related racket bust, six persons were identified for having impersonated 87 candidates in the Narsee Monjee Management Aptitude Test (NMAT) which was held from October 11 to December 19, 2012.

Brajendrapratap Singh,one of the accused, had promised one student of securing him passing marks in the NMAT through management quota for Rs 15 lakh. Thereafter, the accused took Rs 7.5 lakh as advance from the student and employed a dummy candidate to take the test in place of the student. The accused then informed the student that he had passed the NMAT exam and had been shortlisted for the group discussion and interview. The student would then had to pay up the remaining Rs 7.5 lakh.

Hanumant Singh Gujar's credit card was used to pay the admission fees for some of the students while his brother Sugriv Singh Gujar used to mediate between the students and dummy test takers. Pavan Kumar and Himanshu Shekhar were both also middlemen who used to lure NMIMS aspirants into paying money on the pretext of admission through management quota and then pass them on to consultants. Such was the efficiency of the illegal service that most of these students scored 220 marks or above in NMAT, a very high score for the test.

While the impersonators managed to get past the NMAT verification systems using forged primary and secondary identity proofs, the students benefitting from the malpractice were nailed by NMIMS during the group discussion and interview stage after their photographs were found to be not matching those given at the time of the test. Among the 87 students who allegedly availed of this malpractice, only 61 candidates turned up for admission at the institute.

40 | P a g e


On May 3, the Mumbai Crime Branch arrested six persons, including a dummy candidate, involved in the racket. During investigations, the cyber cell had identified 15 coaching and career guidance classes in Delhi, Ghaziabad and Noida that were involved in the racket.

Major breakthrough: The cyber cell of the Mumbai police achieved a major breakthrough in the admission racket of Narsee Monjee Institute of Management Studies, when they arrested the kingpin of the scam.

The accused Vikas Bansal, who ran career counseling centers in Delhi and Ghaziabad named 'Career Guidance', was arrested in New Delhi. Bansal used to visit different coaching classes and recruit dummy candidates, whom he employed as professors in his centers. These professors were usually IIT graduates and scholars who were asked to appear for tests in the place of aspiring students.

23 students of the 2011-13 batch, 43 of 2012-14 batch and 61 of 2013-15 batch were found involved in the scam. Degrees of all 23 students of the 2011-13 batch, who had fraudulently secured admission, were cancelled on August 3. 90 per cent of students involved in the admission racket had accepted jobs from nine companies. Nearly five companies informed the college that they had sacked their employees named in the scam. Section 66 (D) of the IT act is applicable in this case.

41 | P a g e


3. Niraj Ambanis credit card fraud:

Background of the case Use of an expired credit card of a top Reliance Industries executive to make purchases worth Rs 2 lakh had led the Navi Mumbai Crime Branch to a gang of card fraudsters. Rs 2 lakh were spent on the HDFC card of Niraj Ambani, president, group logistics at Reliance Industries, on December 26, 2013 while he was in meeting in his office. He was intimated by the bank when the first transaction of Rs 53,500 was done.

He, however, did not find anything amiss, thinking that his wife, who was in Coimbatore at that time, must have swiped her add-on card. However, during the hour-long meeting, three more transactions took place. The bank called Ambani, who is Reliance chairman Mukesh Ambani's first cousin, again after the fourth transaction. When he asked where the card was swiped, he was told all four transactions had taken place in Thane. Ambani then asked for the card number, and to his surprise the number he was provided was of an old card which he had discontinued a long time back and also destroyed by cutting it into four pieces.

A case was lodged with the Navi Mumbai Cyber Crime Cell the same day. The cops established contact with the four stores where the card was swiped and came to know that four high-end cell phones were bought. While one team began analyzing the CCTV footage from two of these stores, another got hold of the IMEI numbers of the four phones purchased and put them under surveillance.

In the last week of January this year, they tracked one of four phones bought using the stolen data. The phone had changed hands four times. The cops managed to trace the entire chain and reached Mehul Shah on January 31. From their two hideouts the cops had recovered around 200 electromagnetic blank cards, laptops loaded with cloning software and machines used to load dump data onto cards, the cops also recovered another phone purchased using Ambanis card.

42 | P a g e


Shah's interrogation led the cops to Raza in Mira Road, who was arrested on February 4. Their third accomplice Jayant Gowda, who was a resident of Bhayander, however, got a whiff of the police operation and managed to escape.

Police believed it to be a multi-crore racket with national and international connections. The gang seemed to be receiving data from international players and they had the expertise to replicate almost any card.

43 | P a g e



Brazil India relations refers to the bilateral relations between the Federative Republic of Brazil and the Republic of India. Brazil and India also share historical ties as a result of the Portuguese Empire. More recently, both countries have co-operated in the multilateral level on issues such as international trade and development, environment, reform of the UN and the UNSC expansion. In recent years, relations between these countries have grown considerably and co-operation between the two has been extended to such diverse areas as science and technology, pharmaceuticals and space. The issue of privacy and data protection is fundamental in all developed countries, although a comparative analysis of the existing legislations worldwide reveals differences among the approaches taken by lawmakers. Brazil: There are only basic protection laws (Privacy laws) and no data protection law in Brazil. Privacy law refers to the laws which deal with the regulation of personal information about individuals which can be collected by governments and other public as well as private organizations and its storage and use by the Federal Brazilian Constitution. The legislation of Brazil recognizes the central value of the protection of the privacy of individuals, as contemplated by the Federal Constitution (article 5, X) that states that the human intimacy and privacy cannot be violated and, if this happens, the victim has the right to be compensated for the moral and material damages he/she suffered. The provision of article 5, X, of the Federal Constitution is reflected in the Civil Coder under article 21, that specifies the inviolability of the private life of individuals, with the important specification that the judiciary has the power to take measures to prevent or terminate any violation of the plaintiffs privacy. As regards data protection, i.e. the protection granted by the law to personal information referred to a right holder, the data subject, the Brazilian legislative approach is characterized by the fact that data protection rules and principles are contained in the legislation devoted to consumers protection, i.e. the Consumers Code.
44 | P a g e


The consent of the data subject to the processing of personal data relating to him/her, provided that such consent is not requested according to the Brazilian legislation. Brazils legislature has considered other data protection bills, a number of which are still pending; they would regulate, for example, Internet service providers, criminal records, email spam, Internet privacy, and offshore data transfers.

In case of any intentional or unintentional breaching of data protection by a financial institution, a penalty of one to four years imprisonment maybe imposed on the infringing part

On June 9th 2011 Brazil passed the Credit Information Law (CIL), which regulates the creation and the access to databases related to credit information of citizens and companies. This legal instrument forbids the processing of excessive information (data not necessary to credit granting or other banking services) and sensitive information (understood as related to social and ethnic origins, health, genetics, sexuality, and political, religious and philosophical convictions)

India: It should be underlined that the Information Technology Act 2000 is neither a privacy protection act nor any data protection legislation. It does not establish any specific data protection or privacy principles, no such term as personal data is defined. Instead of that, the IT Act is a generic legislation which regulates various themes, like digital signatures, public key infrastructures, e-governance, cyber contraventions, etc. Therefore in the IT Act, express provisions covering the core principles suggested by the Working Paper are scarce. In June, 2011, India passed a new privacy package that included various new rules that apply to companies and consumers. A key aspect of the new rules requires that any organization that processes personal information must obtain written consent from the data subjects before undertaking certain activities.

45 | P a g e


Previously, the Information Technology (Amendment) Act, 2008 made changes to the Information Technology Act, 2000 and added the following two sections relating to Privacy:

1. Section 43A, which deals with implementation of reasonable security practices for sensitive personal data or information and provides for the compensation of the person affected by wrongful loss or wrongful gain. 2. Section 72A, which provides for imprisonment for a period up to 3 years and/or a fine up to Rs. 5,00,000 for a person who causes wrongful loss or wrongful gain by disclosing personal information of another person while providing services under the terms of lawful contract. The IT act prescribes a penalty of imprisonment for up to 3 years and /or a fine of $ 9,500 in case of breach of contractual obligation the aggrieved party may approach the courts to obtain injunctive orders and/or claim damages. The Credit Information Companies (Regulation) Act, 2005 was passed in May 2005 and notified in the Gazette of India on June 23, 2005. A credit information company or credit institution or specified user, as the case may be, in possession or control of credit information, shall take such steps to ensure that the data relating to the credit information maintained by them is accurate, complete, duly protected against any loss or unauthorized access or use or unauthorized disclosure thereof.

46 | P a g e


In order to keep Information Technology safe tool to use the Indian Government passed Information Technology Act and subsequently did necessary amendments in it. The Law efficiently deals with the offences done inside the country. Because of this act many culprits have been convicted. It has given a robust protection to Information Technology within the country but however it still falls short when compared with many other nations to defend its systems aggressively from cyber terrorists.

We have try to find out various reasons that despite of such a tight act and high penalties and punishments what are the loop holes in the act which is blocking the proper implementation of such a force full act .Cyber Law in India is in its infancy stage. A lot of efforts and initiatives are required to make it a mature legal instrument. Law has been instrumental in giving Cyber Law in India a shape that it deserves.

The Information Technology Act does not take into account the extent of harm which an offence causes. In case of hacking a personal computer there is conviction which is same as that for hacking a banking system. In case of a personal computer hacking it could affect only one person however in case of hacking banking system it could severely affect millions of people as banking systems store money related information on it. In extreme case bank customers deposits amount could change. Now this has multifold more impact than that of hacking of personal computer. But IT act fails to take this into account.

Besides these grey areas India is also facing problems of lack of Cyber Security in India as well as ICT Security in India. A techno-legal base is the need of the hour. Unfortunately, we do not have a sound and secure ICT Security Base in India and Cyber security in India is still an ignored World. If opening of Cyber Cells and Cyber Units is Cyber Security than perhaps India is best in the World at managing Cyber Security issues. Unfortunately ICT Security in India is equated with face saving exercises of false claims and redundant exercises. The truth remains that ICT Security in India is a myth and not reality. The Cyber Law in India requires a
47 | P a g e


dedicated and pro active approach towards ICT and Cyber Security in India. In the absence of a dedicated and sincere approach, the Cyber Law in India is going to collapse.

On studying the IT act and the IT scenario in country we may come to a conclusion that IT act embarks important features as authenticity of e-mails, digital signature and many more which are immensely needed in todays fast progressing world. The developed nations of the world have already started going paper-free and India is on the same path. IT act is the milestone which enables usage of E-business to the fullest in the country. Therefore theres a reason to believe that Indian Information Technology Act helps regulate Information Technology norms in our nation. While this brings the scenario under control to some extent, misuse Information technology still happens, giving rise to more cyber-crimes.

48 | P a g e


9. BIBLIOGRAPHY: _110312_forDCLO.pdf 202012)%20-%20A%20brief%20analysis%20of%20DP%20in%20Brazil%20(updated%20version).pdf

49 | P a g e


50 | P a g e


51 | P a g e


52 | P a g e


53 | P a g e